Skip to content

Improve QAT AES GCM tag checking#10143

Merged
JacobBarthelmeh merged 1 commit intowolfSSL:masterfrom
dgarske:qat_aes_gcm
Apr 9, 2026
Merged

Improve QAT AES GCM tag checking#10143
JacobBarthelmeh merged 1 commit intowolfSSL:masterfrom
dgarske:qat_aes_gcm

Conversation

@dgarske
Copy link
Copy Markdown
Member

@dgarske dgarske commented Apr 6, 2026

Description

Improve QAT AES GCM tag checking

Fixes ZD 21457 report 12

Testing

QAT 8970 PCIe card and latest QAT driver.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@dgarske dgarske self-assigned this Apr 6, 2026
Copilot AI review requested due to automatic review settings April 6, 2026 23:06
Copilot AI reviewed Apr 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Improves QAT AES-GCM/CCM decryption authenticity handling by enabling digest verification on decrypt and propagating verify failures back to the caller (including wiping decrypted output on auth failure).

Changes:

  • Enable setup.verifyDigest for QAT decrypt operations where a digest is appended.
  • In the QAT symmetric cipher callback, detect authentication verify failures and return an auth error.
  • Wipe decrypted output on authentication failure to avoid returning unauthenticated plaintext.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread wolfcrypt/src/port/intel/quickassist.c Outdated
Comment thread wolfcrypt/src/port/intel/quickassist.c
Comment thread wolfcrypt/src/port/intel/quickassist.c
@dgarske
Copy link
Copy Markdown
Member Author

dgarske commented Apr 7, 2026

Jenkins retest this please

@dgarske
Copy link
Copy Markdown
Member Author

dgarske commented Apr 8, 2026

Jenkins retest this please.
PRB-fips-repo-and-harness-test-v3-part1 #8388

@dgarske dgarske assigned wolfSSL-Bot and unassigned dgarske Apr 9, 2026
@dgarske dgarske requested a review from JacobBarthelmeh April 9, 2026 15:22
@JacobBarthelmeh JacobBarthelmeh merged commit 044a5f8 into wolfSSL:master Apr 9, 2026
502 of 504 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dgarske @JacobBarthelmeh @wolfSSL-Bot